Has any one done any work on getting LUKS working on the Galaxy Nexus yet? I know ICS has encryption but it is not the same (It is file level; dm-crypt encryption and leaves room for data leaks).
For that reason does any know of a WhisperCore alternative?
Thanks!
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
textshell said:
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
Click to expand...
Click to collapse
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
x942 said:
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
Click to expand...
Click to collapse
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
textshell said:
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
Click to expand...
Click to collapse
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
If you have ever use encryption you would know that the less an attacker knows the better. Hence encrypting the entire system is better than only encrypting a partition.
I don't like how Google implements dm-crypt. It would be more secure if the entire device was encrypted as it would completely look like random data to an attacker.
Why would you only encrypt your home folder and not every thing BUT /boot?
I prefer the whispercore way of doing it. I poweroff and you can't access anything except the login screen.
x942 said:
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
Why would you only encrypt your home folder and not every thing BUT /boot?
Click to expand...
Click to collapse
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
textshell said:
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
Click to expand...
Click to collapse
Yes but as I said any one that would put that effort in would have to get the phone from me (which I carry 24/7) and once I know I no longer have control of it I would (as I said) reset it and sell it. You are basically saying all Full Disk Encryption (including on computers) is useless because someone can modify the bootloader. I hate to say it (and this is not directed to any one in this thread) but only a true ignorant person would fall victim to a evil maid attack, It is common sense NOT to trust something that you lost control of.
My situation is different: I run a non-profit organization and my employees need to carry sensitive data with them. Why risk security with the built in dm-crypt when something like WhisperCore is much better? I don't won't an attacker knowing ANYTHING about the device.
ICS built in encryption is just as useful as Home folder encryption in Linux. Your data may be safe but an attacker can ascertain how much data is there. And in some case use this information to infer what data may be present on the device. This is why most people using encryption use FDE and not just home folder encryption. When you are done there should be absolutely no way for anyone to tell the encrypted partition from random data (wiped data).
No, i'm just saying the full partition encryption of /data is enough on galaxy nexus and that you can't protect from an evil maid attack except by drastic measures after you lost control of your phone.
Understandable but I respectfully disagree. I want FULL DISK Encryption not Partition encryption. Take a look here: http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Security_levels
Either way (even if it is secure enough) It's not going to get approved for me to use in a work environment (FIPS 140-2). This is why I need some like WhisperCore. We handle sensitive data at my company.
Related
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Are there any know exploits / gaping security holes?
If my phone is lost or stolen is encrypted going to prevent any data theft?
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Thank you for any info,
BR
bob_ross said:
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Click to expand...
Click to collapse
It encrypts your entire drive, at least /data and /sdcard, not individual files.
Are there any know exploits / gaping security holes?
Click to expand...
Click to collapse
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
If my phone is lost or stolen is encrypted going to prevent any data theft?
Click to expand...
Click to collapse
Supposedly, yes. But only if: 1.) You use a pattern/password/pin/face unlock on your lockscreen or 2.) You leave your phone off. If someone finds your phone, and you use only the slide lock and you leave it on, encryption is worthless.
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Click to expand...
Click to collapse
I haven't used encryption, but I would have assumed that it would use a different password than the one for your Android user account. I'm assuming by your question that that's not how it works, in which case, that's kind of stupid.
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Click to expand...
Click to collapse
Same rules apply to any password you create anywhere ever. A good mix of numbers and letters, no dictionary words, and probably 10 chars +. Use mnemonic devices to remember without making the password too obvious.
Thank you for any info,
BR
Click to expand...
Click to collapse
I should mention that you should also only bother encrypting if you will remain stock. If you plan on flashing ROMs, you'll just have to re-encrypt constantly. Plus, I'm pretty sure CWM and TWRP would be unable to wipe or install anything unless you unencrypt first anyway.
EndlessDissent said:
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
Click to expand...
Click to collapse
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
advancedbasic said:
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
Click to expand...
Click to collapse
Thanks. I hadn't read about AES-256 since I encrypted my laptop several months ago. I looked it up again, and the part about the NSA was that they approved AES-256 as their own encryption model for top secret documents. The NSA must trust AES-256 at least marginally.
I'm interested in hearing about the security that other Android users employ on their devices. I don't ever have anything particularly sensitive on my device, but certainly data and images that I wouldn't want other people to have access to should my device be lost or stolen.
Obviously the first starting point is a lock screen code which I already have in place. I use a four digit pin code, and realise from playing around with it that after five incorrect attempts the device will make you wait 30 seconds before trying again. Is this the only restriction, or does the time get longer, or trigger something else after more attempts?
Secondly, I have a number of photographs stored on the SD card. Thinking about it this is a big security issue as someone could simply take it out of the phone and plug it straight into a laptop and go through the data.
The next issue is the encryption of the phone itself. I know that there is an encryption option built in, but I'm of the understanding that the password has to be the same as the lockscreen code. Which seems far from ideal as a 4 digit pin for the lockscreen code is convenient, but probably not strong enough if you're encryping data.
Finally, the option of a remote wipe. I've used a variety of apps in the past, but haven't installed any since installing my latest ROM. What do people use?
I'm interested to hear any input about what people use on the device, or what ways I could increase the security of my device.
Anyone getting hold of your phone can easily get to your data unless you encrypt them.
The best bet I think would be to install the EDS app or the Cryptonite app (both available on the Play). The latter has the capability to open and mount a Truecrypt container.
(I think you have to create the container first on a PC, but since I don't use Cryptonite, I can't be sure of it).
For remotely wiping your phone, I heard Avast! Antivirus app has the best reviews; and it's free.
Sent from my GT-I8150 using xda app-developers app
pepoluan said:
Anyone getting hold of your phone can easily get to your data unless you encrypt them.
The best bet I think would be to install the EDS app or the Cryptonite app (both available on the Play). The latter has the capability to open and mount a Truecrypt container.
(I think you have to create the container first on a PC, but since I don't use Cryptonite, I can't be sure of it).
For remotely wiping your phone, I heard Avast! Antivirus app has the best reviews; and it's free.
Sent from my GT-I8150 using xda app-developers app
Click to expand...
Click to collapse
Why do you favour EDS/Cryptonite over the built in Android encryption method. They seem to offer more flexibility to me. Will they encrypt the whole phone, or just a new, special folder? Like an encrypted zip file in a way.
I've installed Avast and am in the process of setting it all up.
creative-2008 said:
Why do you favour EDS/Cryptonite over the built in Android encryption method. They seem to offer more flexibility to me. Will they encrypt the whole phone, or just a new, special folder? Like an encrypted zip file in a way.
I've installed Avast and am in the process of setting it all up.
Click to expand...
Click to collapse
I prefer not all of my SD Card to be encrypted, since encryption is taxing to the CPU. Truecrypt containers will be mounted as a folder, so it's what I wanted: a space to store files which will be encrypted, without needing to encrypt the whole phone.
TrueCrypt also needs to be manually mounted; Android encfs gets automatically mounted on boot.
Plus, TrueCrypt containers have been known to stump even three-letter organizations.
Sent from my GT-I8150 using xda app-developers app
pepoluan said:
I prefer not all of my SD Card to be encrypted, since encryption is taxing to the CPU. Truecrypt containers will be mounted as a folder, so it's what I wanted: a space to store files which will be encrypted, without needing to encrypt the whole phone.
TrueCrypt also needs to be manually mounted; Android encfs gets automatically mounted on boot.
Plus, TrueCrypt containers have been known to stump even three-letter organizations.
Sent from my GT-I8150 using xda app-developers app
Click to expand...
Click to collapse
Thanks for sharing you knowledge with me.
I'm going to give the TrueCrypt approach a go. I'll probably set up a small area on the SD card first with some documents and photos and see how that works out.
There are other areas though that I wouldn't want a thief to have access to, such as my messages or perhaps my recent photos? I assume these can't be stored in the TrueCrypt container, but would be protected by encrypting the whole phone with Android's method.
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Just to share, I found following to be foolproof
- Setup Pin + Fingerpints
- Setup Pin / Password for phone startup
This
- Keeps the device encrypted
- Unable to boot without pin
- Unable to access TWRP without pin
- Doesn't auto-mount on USB connect
Still, it would be interesting to hear about any cons of the above setup.
hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
zelendel said:
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
Click to expand...
Click to collapse
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
Cerberus is a really nice app... You have alot of options sadly it isn't free! But heyy, it's cheap and it's functional! Other then that keep your device encrypted and a boot password should do.
As long as you're not rooted and unlocked, it will be a bit hard for an thieve to have access to your phone. Leaving ADB on, might as well decrease the overall security of the phone.
I for example was given a tablet which had a Google account synced with it, and resetting from recovery only made me renter the credidentials previously used to be able to pass the setup.
My luck was that the guy left ADB on and with a simple command I bypassed the setup screen.
hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Renosh said:
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
zelendel said:
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
zelendel said:
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
Click to expand...
Click to collapse
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
2x4 said:
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
No its not really. It's so they can send relevant ads. Those that remember smartphones before Apple or Android knows that it is not really needed.
zelendel said:
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
Click to expand...
Click to collapse
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
2x4 said:
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
Click to expand...
Click to collapse
Because that is before startup and not the bootloader, even with those set up they normally dont cover download mode or what ever mode that particular OEM uses (not all use the same). In extreme cases with some apps that make it a bit harder or people just dont want to be bothered to mess with things too deeply there are tools available that Will push the update right to the board bypassing all security. Sure its a little extra work but it is a sure bet when you cant get into a device and cant be bothered hunting down getting around it.
Also for the passwords on startup. any password cracker would take out the average password in a matter of min.
This has been very interesting and so much to learn. Thank you all for great inputs.
zelendel said:
I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Puddi_Puddin said:
Cerberus is a really nice app...
Click to expand...
Click to collapse
Have it in all my Androids Very helpful at times, even for non theft purpose..
XDRdaniel said:
Leaving ADB on, might as well decrease the overall security of the phone.
Click to expand...
Click to collapse
Thanks. Will read more on this.
Renosh said:
for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
zelendel said:
With way your data is meaningless.
Click to expand...
Click to collapse
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
2x4 said:
. this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
Hmm.. I think I came across that in OP3. Didn't pay attention though.
zelendel said:
Because that is before startup and not the bootloader,
Click to expand...
Click to collapse
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
hyperorb said:
This has been very interesting and so much to learn. Thank you all for great inputs.
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Have it in all my Androids Very helpful at times, even for non theft purpose..
Thanks. Will read more on this.
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
Hmm.. I think I came across that in OP3. Didn't pay attention though.
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
Click to expand...
Click to collapse
You don't need to steal someone's phone to get a fake ID with their info. 1500 usd will get you that without it.
As for getting nothing in hand. They got exactly what they wanted. The device. Unless you work for the government in a high place. Then your data is meaningless on your phone. You already put it in enough places on line while using a pc that if they want it they already have it.
I could easily steal someone identity with a little more then what they post on Facebook or other social media outlets.
as i backup everything (WebView Bug) i started to think about rooting my device.
What are the benefits? Back in the days, rooting was necessary for me.
but since i own a note10+ i dont really miss anything.
is there any reason to root and install a cfw?
BlechBoX said:
as i backup everything (WebView Bug) i started to think about rooting my device.
What are the benefits? Back in the days, rooting was necessary for me.
but since i own a note10+ i dont really miss anything.
is there any reason to root and install a cfw?
Click to expand...
Click to collapse
(sorry for my bad English, I'm using an online translator)
To be frank with any modern Android cell phone I don't see any real benefit to rooting a phone, I even dare to say that it generates the opposite.
Root access in Android/Linux is similar to administrator access in Windows UAC. Which means that you are gaining access to higher levels within the system and this means that in the same way that you have access, any app can have it (you can grant it) and this includes good apps as well as malware apps.
Root has benefits when it comes to modifying the system... But do you really need to modify your system or change it completely?
And this approach comes from the fact that most users use their phone for recreational purposes (chat, play a game, watch a movie, etc). That is, they have no reason to need more than what most OEM configs offer. Even many OEMs have security systems (like Knox) that are compromised by getting root access to your terminal.
Of course, this excludes developers, who have to root it for technical reasons, or simply users who want to try new things (new GSIs, kernels, etc.) Or even who want to learn more about how Android works. But unless you have these intentions, rooting it is unnecessary and exposes your phone to risks.
I don't see too many advantages to rooting it... just -don't- upgrade to Q!!!
I'm using PD MDM package disabler and Karma Firewall to lock mine down as well as to control it. For me the current configuration provides a fast, stable, predictable platform that fullfills its mission role completely... and I like the way it looks/runs.
Even though I'm running Pie and surf a lot I never had to do a forced reload due to a virus, malware, etc; it's fairly secure. Side loading introduces the opportunity for rootkits and other crap. Flashing poorly vetted firmware is an invitation for disaster... of all kinds.
No worries about bricking it or investing lots of time for rooting or the reconfiguration that would be necessary. I already spent the time needed to optimize my stock 10+; rooting would require many more hours with only a slight performance return. Rooting would also be detrimental in a number of ways that could easily cost more than just time... I'm still covered by the carrier insurance.
For me factory resets now, when needed, are fairly quick with no data loss. Rooting could help a little but not much but could also end up costing much more reload time then it takes me now.
I use the SD card as a data drive then back that up at least 3X. I can do a full restore with little or no internet connection and no PC in about 2 hours as long as the SD card data is intact.
Hi Everyone,
i'm facing a big issue with my Samsung Galaxy S20. here is the story : i forgot my PIN code and decided to factory reboot it in order to recover my configuration without having to remember the PIN I've forgotten, thinking that my Google account will make it for me. When i restarted my phone, the configuration assistant is offering me to deliver the config with all pictures, messages, screenshots etc etc to restore the mobile as it was before the hard reboot. The problem is that it is requiring the PIN code i've forgotten, and i don't know how to proceed to recover it (and the system is telling that there are 5 remaining attempts before removing it from the phone). There are a lot of cherish pictures i'd love to recover on this save and i don't know how to reach it without the PIN Code. Do you know if there is a way to do it ? (maybe with the source code or something ? ) that would be really helpful ! many thanks for your help !
Is it possible to use your Samsung account to recover it?
Can you connect with adb?
Pause, relax, and explore all other possibilities.
Try Samsung and Google tech support, you may get lucky.
You have a SD card slot. Why didn't you use as your data drive? Too late now but learn from your mistakes.
It's possible you didn't forget that password and it became corrupted. I got locked out of a laptop bios like that.
In the future don't set password unlocks for the phone.
NEVER encrypt backup data.
You are the most likely to be locked out, sometimes by no fault of your own... other than using the lock or encryption in the first place.
Always redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC.
I've lost databases, not fun... but educational.
Regardless of the outcome consider this experience a course from the U of Hard Knocks.
My backup protocols may seem like overkill (I use way more than 2 hdds for backup) but it's what's needed to prevent critical data lose. Cloud backup is ok to use but the primary archive should always be hdds that are well maintained and protected.